Skip Links

DRM vs. ERM: battle to control data

By Ed Gaudet, special to Network World
December 15, 2006 12:10 AM ET
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Network World - Over the past three years digital rights management and enterprise rights management have gained attention because of copyright issues involving digital media and leakage of sensitive data. Unfortunately, the terms are often used interchangeably even though they mean different things.

DRM and ERM share common technical concepts, such as encryption to control access to data and application- or device-level functionality to control usage. But DRM focuses on securing static content tied to a per-user access and usage license, while ERM focuses on controlling dynamic content tied to a business process that users may come in and out of on a regular basis. ERM enables companies to extend security to third-party partners, suppliers and customers.

Here are a few more key differences:

•  Content monetization vs. life-cycle control: DRM restricts the access and use of digital files; its business problem is optimal monetization of digital content while protecting the interests of copyright holders.

Today, this content is in the form of music and video files. The goal is to restrict content access to its owner, which is an individual consumer. By contrast, ERM controls access to and usage of electronic data in various formats such as word processor documents, spreadsheets,_e-mail, PDF files and CAD diagrams. ERM allows for persistent control of content (regardless of where or when access occurs) and enables an enterprise to control access to intellectual property or other confidential business information that needs to be secured for privacy, competitive or compliance reasons.

Unlike DRM, which tends to deal with static and published content (one song to one consumer), ERM focuses on controlling information throughout its life cycle, and that life cycle is often highly collaborative.

•  The ecosystem and technical implementations differ: Both approaches include the notion of a policy server in which rights are defined, an encryption mechanism that controls access to the data, and a software client or device that enforces the policy (which authenticated user has what rights based on content).

DRM tends to focus on the media format and device, with the two most common systems offered by Apple and Microsoft. Apple's FairPlay software is exclusively tied to the encrypted Advanced Audio Coding format, iPod media player and the iTunes online store. Microsoft is more open with Windows Media DRM in that it licenses components of the DRM platform to other vendors for use.

Enterprise vs. digital rights management

  Enterprise rights management Digital rights management
Content type Dynamic. ERM operates in a collaborative environment by handling multiple users with different access and usage rights.
Static. DRM is focused on securing one document or media file at a time, with the goal of mass distribution in a noncollaborative environment.
Business case Information protection for the entire life cycle of information from creation to archiving with complete auditing and reporting. Content monetization through the controlled access to digital content. Used primarily by the originators/distributors of content to sell information or media.
Infrastructure Actively updates users’ rights as collaborative environments change. Client machines interact with policy servers that distribute and update rights.

Controls access rights through proprietary devices and file types. Rights are not designed to be transferable or updated.

 

User experience Flexible interface is imperative for successful implementation and user adoption. An easy (if not transparent) user experience is required to gain market adoption. Users are not expected to change or edit the content.
Click to see:

With ERM, the controls are tied to the native applications, which have the ability to produce and consume protected data in several formats. For example, Microsoft Word supports a number of file formats (.doc, .txt, .xml, .dot, .rtf, .wps, .htm and .html). ERM enablement is accomplished with a provider's software developers kit (SDK) and associated APIs and delivered using one or more of the following approaches: natively by the application vendor, through a plug-in or by an ERM integration agent that leverages the strength of the SDK approach with the flexibility and time to market of a plug-in.

ERM solutions with SDKs include Microsoft's Rights Management Services and Adobe's Policy Server. ERM vendors by acquisition include EMC and Oracle, which use plug-in approaches to application enablement and do not offer an SDK.

Each approach has its advantages and disadvantages; however, only the integration agent provides cross-application control such as secure clipboard, the ability to support all of an application's file formats interchangeably, and enterprise-class management of multiple applications, which simplifies distribution, upgrades and integration.

As a steward of customer and corporate data, understanding the difference between the often controversial DRM and ERM is critical to your organization's agility and long-term success with controlling electronic information.

Gaudet is vice president of product management and marketing for Liquid Machines, which provides an ERM system that supports out-of-the-box integration with Microsoft's RMS. He can be reached at egaudet@liquidmachines.com.

Read more about security in Network World's Security section.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News